Best Practice - PowerPoint PPT Presentation



Slides: 17
Provided by: souEdu



Best Practice
  • Why reinvent the wheel?

Quick AD overview
  • Domain controllers
  • Member servers
  • Client computers
  • User accounts
  • Group accounts
  • OUs
  • GPOs

Commonly Leveraged Vulnerabilities
  • Most security gaps are unintentional
  • An estimated 97% can be fixed or avoided
  • Entry point
    • Only need one
  • Initial targets
    • Attractive accounts for credential theft
    • In Active Directory: accounts with elevated privileges
    • On Domain Controllers (DCs): consider them critical infrastructure
  • Operating systems
    • Inconsistency

Activities Likely to Increase Compromise
  • Highly privileged accounts are usually the targets
  • Not maintaining separate admin credentials
  • Logging into insecure computers
  • Browsing the internet
  • Same credentials on all local machines
  • Improper management

Reduce AD Attack Surface
  • Principle of least privilege
    • Users should have the least privileges needed to
      complete the task.
  • Privileged accounts are dangerous accounts
  • Model privilege reduction in every area of the

Reducing Privileges
  • The larger the organization, the more complex it is
    and the more difficult it is to secure
  • Securing local administrator accounts
    • Workstations
    • Member servers
  • Securing local privileged accounts in AD
    • Built-in admin accounts
    • Audit changes to this account
  • Securing the Administrators, Domain Admins and
    Enterprise Admins groups
    • Securing the Domain Admins group
    • Securing the Administrators groups
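A detective control for this slide, as an added example that is not part of the deck: enumerate the highly privileged groups recursively, compare each member against an approved baseline, and flag accounts missing the hardening the deck asks for. It assumes the RSAT ActiveDirectory module and a domain-joined session with read access; the baseline account name is a hypothetical placeholder.

```powershell
# Added example (not from the slides): audit the built-in highly privileged groups.
# Assumes the RSAT ActiveDirectory module and a domain-joined session with read access.
Import-Module ActiveDirectory

# Constructed baseline: the only accounts *expected* to hold permanent membership.
# Keep this list under change control and reconcile it on every audit run.
$ApprovedMembers = @{
    'Domain Admins'     = @('ADM-breakglass')   # hypothetical break-glass account
    'Enterprise Admins' = @()                   # should normally be empty
    'Schema Admins'     = @()                   # should normally be empty
    'Administrators'    = @('ADM-breakglass')
}

function Get-PrivilegedGroupFindings {
    param([hashtable]$Baseline = $ApprovedMembers)

    foreach ($groupName in $Baseline.Keys) {
        # -Recursive expands nested groups, so a user buried three groups deep is still seen.
        $members = Get-ADGroupMember -Identity $groupName -Recursive |
            Where-Object objectClass -eq 'user'

        foreach ($m in $members) {
            $u = Get-ADUser -Identity $m.distinguishedName -Properties `
                PasswordNeverExpires, SmartcardLogonRequired, AccountNotDelegated, PasswordLastSet

            $issues = @()
            if ($u.SamAccountName -notin $Baseline[$groupName]) { $issues += 'not in approved baseline' }
            if ($u.PasswordNeverExpires)                        { $issues += 'password never expires' }
            if (-not $u.SmartcardLogonRequired)                 { $issues += 'single-factor (no smart card)' }
            if (-not $u.AccountNotDelegated)                    { $issues += 'delegation not blocked' }

            if ($issues) {
                [pscustomobject]@{
                    Group           = $groupName
                    Account         = $u.SamAccountName
                    PasswordLastSet = $u.PasswordLastSet
                    Issues          = ($issues -join '; ')
                }
            }
        }
    }
}

Get-PrivilegedGroupFindings | Sort-Object Group, Account | Format-Table -AutoSize
```

Schedule the run and diff its output against the previous one: any new account in the report is either an approved change or the "audit changes to this account" event the slide is warning about.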

Role-Based Access Controls (RBAC)
  • Grouping users based on daily tasks and access
    needs, e.g.:
    • Accounting
    • Marketing
  • Controls unnecessary privileges
  • Simplest implementation -> roles in AD DS
  • Commercial, off-the-shelf (COTS) products are available

Privileged Identity/Account Management
  • Design, creation and implementation of the processes
    used to manage privileged accounts
  • Manually created or third-party software

Robust Authentication Controls
  • Exponential growth in credential theft attacks
    due to widely available tools
  • Identify accounts most likely to be targeted
  • Do not use single-factor authentication

Secure Administrative Hosts
  • Never administer a trusted system from an
    insecure host.
  • Do not rely on a single authentication factor
  • Do not ignore physical security
  • Even if the organization does not use smart cards,
    consider using them for privileged accounts
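The "Robust Authentication Controls" and "Secure Administrative Hosts" slides above, applied to a set of privileged accounts as an added example (not the deck's own material): require smart card logon, block Kerberos delegation of the account, and place it in the Protected Users group. It assumes the RSAT ActiveDirectory module, Domain Admin rights, a Windows Server 2012 R2 or later domain functional level (needed for Protected Users) and smart cards already issued to these accounts; the account names are hypothetical.

```powershell
# Added example (not from the slides): enforce the deck's authentication controls on
# privileged accounts. Assumes RSAT ActiveDirectory, Domain Admin rights, a 2012 R2+
# domain functional level and issued smart cards. 'ADM-alice'/'ADM-bob' are hypothetical.
Import-Module ActiveDirectory

function Protect-PrivilegedAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$SamAccountName
    )
    process {
        $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
        if ($PSCmdlet.ShouldProcess($SamAccountName, 'apply privileged-account hardening')) {
            # Second factor: logon only with the smart card; AD rolls the password to a random
            # value nobody knows, which also ends reuse of that password on local machines.
            # Delegation: a compromised service can no longer impersonate this account.
            Set-ADUser -Identity $user -SmartcardLogonRequired $true -AccountNotDelegated $true

            # Protected Users: no NTLM, no DES/RC4 Kerberos, no cached credentials on the host,
            # short TGT lifetime - the credential-theft surface the slides describe.
            $protected = Get-ADGroup -Identity 'Protected Users'
            if ($user.MemberOf -notcontains $protected.DistinguishedName) {
                Add-ADGroupMember -Identity $protected -Members $user
            }
        }
        # Return the resulting state so the caller can verify it.
        Get-ADUser -Identity $SamAccountName -Properties SmartcardLogonRequired, AccountNotDelegated |
            Select-Object SamAccountName, SmartcardLogonRequired, AccountNotDelegated
    }
}

# Dry run first, then apply.
'ADM-alice', 'ADM-bob' | Protect-PrivilegedAccount -WhatIf
'ADM-alice', 'ADM-bob' | Protect-PrivilegedAccount
```

Protected Users membership breaks anything that still needs NTLM or cached logon for that account, so apply it to one account and test its daily tasks before the rest, and keep the break-glass account out of the group so it can still log on when everything else fails.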

Securing DCs Against Attack
  • Same practices already discussed
  • Physical security
  • Limit RDP
  • Patch
  • Security configuration wizard
  • Microsoft Security Compliance Manager
  • Block Internet access on DC
  • Perimeter firewall restrictions
  • DC firewall
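The "Limit RDP", "Block Internet access on DC" and "DC firewall" items above expressed as host firewall rules, as an added example rather than the deck's own configuration. It runs in an elevated session on the DC (NetSecurity module, Windows Server 2012 or later); the subnets are constructed placeholders.

```powershell
# Added example (not from the slides): Windows Firewall rules on a domain controller that
# implement "Limit RDP" and "Block Internet access on DC". Elevated session on the DC,
# Windows Server 2012 or later. All addresses are constructed placeholders.
$AdminHosts   = '10.10.50.0/24'                                   # secure administrative hosts only
$InternalNets = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'   # RFC 1918, i.e. "not the Internet"

# 1. RDP: disable the broad built-in "Remote Desktop" rules and replace them with one rule
#    that accepts 3389 only from the administrative host subnet.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'DC - RDP from admin hosts only' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $AdminHosts -Action Allow -Profile Domain | Out-Null

# 2. Internet: there is no "deny unless internal" rule type and block rules always win over
#    allow rules, so the DC is cut off from the Internet by default-deny outbound plus one
#    allow rule scoped to the internal ranges. Replication partners, DNS forwarders, WSUS and
#    the PDC emulator's time source must therefore be internal or get their own allow rule.
New-NetFirewallRule -DisplayName 'DC - outbound to internal networks only' -Direction Outbound `
    -RemoteAddress $InternalNets -Action Allow -Profile Any | Out-Null
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 3. Verify what is now in force.
Get-NetFirewallRule -DisplayName 'DC - *' | Select-Object DisplayName, Direction, Action, Enabled
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
```

Run every New-/Set- call with -WhatIf first and keep out-of-band console access: a wrong subnet in $AdminHosts locks administrators out of RDP on the DC.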

Signs of Compromise
  • Windows Audit Policy
  • Events to monitor
  • AD objects and attributes to monitor
  • Classify security events
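The "events to monitor" and "classify security events" items above, worked as an added example that is not part of the deck: pull the Windows Security audit events for privileged group membership changes, account creation and lockouts from a DC, keep only those that touch the watched groups, and tag each with a meaning and severity. It assumes a DC (or -ComputerName pointed at one) with the default advanced audit policy for account management enabled; the watch list and severities are this example's own choices.

```powershell
# Added example (not from the slides): collect and classify the Security events the deck says
# to watch. Event IDs are the standard Windows Security audit IDs; the severity mapping and
# the watched-group list are this example's own choices, not a Microsoft classification.
$WatchedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators', 'Account Operators'

# Event ID -> (meaning, severity)
$Catalog = @{
    4728 = @('member added to global group',        'High')
    4732 = @('member added to local group',         'High')
    4756 = @('member added to universal group',     'High')
    4729 = @('member removed from global group',    'Medium')
    4733 = @('member removed from local group',     'Medium')
    4757 = @('member removed from universal group', 'Medium')
    4720 = @('user account created',                'Medium')
    4740 = @('account locked out',                  'Low')
}
$GroupEventIds = 4728, 4732, 4756, 4729, 4733, 4757

function Get-ADCompromiseIndicators {
    param([int]$Hours = 24, [string]$ComputerName = $env:COMPUTERNAME)

    $filter = @{ LogName = 'Security'; Id = [int[]]$Catalog.Keys; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs into a hashtable for readable field access.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

            $isGroupEvent = $_.Id -in $GroupEventIds
            # Group-membership events carry the group in TargetUserName and the member in MemberName;
            # membership changes to groups outside the watch list are noise for this report.
            if ($isGroupEvent -and $d.TargetUserName -notin $WatchedGroups) { return }
            $target = if ($isGroupEvent) { "$($d.MemberName) -> $($d.TargetUserName)" } else { $d.TargetUserName }

            [pscustomobject]@{
                Time     = $_.TimeCreated
                Id       = $_.Id
                Meaning  = $Catalog[$_.Id][0]
                Severity = $Catalog[$_.Id][1]
                Actor    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Target   = $target
            }
        }
}

Get-ADCompromiseIndicators -Hours 72 | Sort-Object Severity, Time | Format-Table -AutoSize
```

Each DC logs only the changes it processed, so run this against every DC (or forward the Security log centrally) before concluding that nothing was added to Domain Admins.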

Planning for Compromise
  • It is generally well-accepted that if an
    attacker has obtained SYSTEM, Administrator,
    root, or equivalent access to a computer,
    regardless of operating system, that computer can
    no longer be considered trustworthy, no matter
    how many efforts are made to clean the system.
    Active Directory is no different.
  • Prevention is better than reaction

Best Practice
# | Best Practice | Tactical or Strategic | Preventative or Detective
1 | Patch applications. | Tactical | Preventative
2 | Patch operating systems. | Tactical | Preventative
3 | Deploy and promptly update antivirus and antimalware software across all systems and monitor for attempts to remove or disable it. | Tactical | Both
4 | Monitor sensitive Active Directory objects for modification attempts and Windows for events that may indicate attempted compromise. | Tactical | Detective
5 | Protect and monitor accounts for users who have access to sensitive data. | Tactical | Both
6 | Prevent powerful accounts from being used on unauthorized systems. | Tactical | Preventative
7 | Eliminate permanent membership in highly privileged groups. | Tactical | Preventative
8 | Implement controls to grant temporary membership in privileged groups when needed. | Tactical | Preventative
9 | Implement secure administrative hosts. | Tactical | Preventative
10 | Use application whitelisting on domain controllers, administrative hosts, and other sensitive systems. | Tactical | Preventative
11 | Identify critical assets, and prioritize their security and monitoring. | Tactical | Both
12 | Implement least-privilege, role-based access controls for administration of the directory, its supporting infrastructure, and domain-joined systems. | Strategic | Preventative
13 | Isolate legacy systems and applications. | Tactical | Preventative
14 | Decommission legacy systems and applications. | Strategic | Preventative
15 | Implement secure development lifecycle programs for custom applications. | Strategic | Preventative
16 | Implement configuration management, review compliance regularly, and evaluate settings with each new hardware or software version. | Strategic | Preventative
17 | Migrate critical assets to pristine forests with stringent security and monitoring requirements. | Strategic | Both
18 | Simplify security for end users. | Strategic | Preventative
19 | Use host-based firewalls to control and secure communications. | Tactical | Preventative
20 | Patch devices. | Tactical | Preventative
21 | Implement business-centric lifecycle management for IT assets. | Strategic | N/A
22 | Create or update incident recovery plans. | Strategic | N/A
  • Best Practices for Securing Active Directory. (2013). 314.
  • Melber, D. (n.d.). The Administrator Shortcut Guide to Active Directory Security.